CVE-2026-1885

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2026-1885 Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2026-1885

The CVE-2026-1885 issue affects the WordPress Slideshow Wp plugin (versions up to 1.1). It is a Stored Cross-Site Scripting (XSS) vulnerability via the sswpid attribute of the sswp-slide shortcode, caused by insufficient input sanitization/output escaping. Exploitation requires authenticated acce...

WordPress plugin Slideshow Wp 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2024-14942 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.9 Description: The issue arises from insufficient input sanitization and output escaping on the user-supplied css class attribute in the...

CVE-2024-3703

The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks...

PT-2024-22206 · WordPress · The Shopkeeper Extender

Name of the Vulnerable Software and Affected Versions: The Shopkeeper Extender plugin for WordPress versions up to, and including, 3.5 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'image slide' shortcode, allowi...

CVE-2024-1449

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

PT-2024-18055 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ms slide shortcode due to insufficient input sanitization...